As the inspector general for India's Crime Investigation Department, Singh shared his insights with the event's attendees, hailing from across India and Asia. Singh, who's also a liaison officer with Interpol, said the fight against cybercrime demands that police and businesses work together.

"The threat is evolving in such a manner that it would be impossible for law enforcement alone to tackle it," he said. "All of our traditional models of policing, they don't work here."

Echoing other presenters throughout the day, however, he also noted that because few organizations in India must report any data breaches they suffer to authorities, the full extent of India's data breach problem remains unknown. "The reported figures you see may not even be 1 percent of what is happening," he said.

Threat Intelligence Warnings

In break-out sessions, attendees broke up into five groups, rotating between tables where they focused on a discussion topic for 10-minute periods. At one discussion focused on advanced persistent threats, for example, some delegates said that "low and slow" and difficult-to-detect threats are an increasing concern. Some of the security professionals also admitted to finding internal breaches that had persisted for months before being detected.

Many attendees also said they expect the number of sophisticated cyberattacks to continue rising, especially in light of the Indian government undertaking a massive digitization effort and Indian manufacturing beginning to pose more of an economic threat to China, thus increasing the likelihood of online espionage against Indian organizations.

To better detect attacks, many attendees say they would like to adopt threat intelligence feeds. But Siva Sivasubramanian, chief of security for global telecommunications firm Bharti Airtel, based in New Delhi, India, cautioned that to be effective, threat intelligence must involve more than just subscribing to threat-intelligence data feeds. "It's a painstaking piecing up of information," he said.

Furthermore, acting on that information can potentially cause disruption. "Every piece of threat intelligence we get, to make it into an action, you're going to disrupt the fabric of your organization," Sivasubramanian said.

Cyberwar Will Target Businesses

Meanwhile, the imperative to improve security defenses continues to grow, especially at the private firms that now comprise the majority of India's critical infrastructure - ranging from energy and water supply to transportation and banking, said Raghu Raman - president of risk, security and new ventures for Mumbai-based Indian conglomerate holding company Reliance Industries. The firm owns a variety of companies in the energy, textiles, retail and telecommunications sectors, among others.

In a "Spotlight Session on Cyberwar" focused on India, Raman, a former captain in the Indian Armed Forces, predicted that geopolitical conflicts will increasingly include an online component that targets India's critical infrastructure. But as in many other countries, the vast majority of India's critical infrastructure is owned by the private sector, meaning that future conflicts may well target corporations, which need to get their security house in order. "The battlefield of the future is going to be corporations," Raman said.

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.